Hotel guests locked out of their rooms due to ransomware

Management of a hotel in Austria is considering moving back to traditional locks after their modern electronic key system got disabled by hackers demanding ransom and guests could not enter their rooms.

As reported by an Austrian hospitality industry magazine Allgemeine Hotel- und Gastronomie-Zeitung (what a perfect German name!), one of local hotels was victim of several hacker attacks. Christoph Brandstätter, the Managing Director of hotel Seehotel Jägerwirt told the magazine that the hotel was planning moving back to traditional locks after one of recent attacks took down hotel IT infrastructure, including the key management system. Fortunately the attack took place during the day when all 180 guest were outside skiing. Hackers demanded 2 bitcoins to provide decryption keys and the hotel payed to restore room access for guests. While we expect the key system to have a fail-safe mechanism allowing for opening doors in case of power failure, the inability to close them once inside the room might constitute a significant issue for hotel guests.

The manager mentioned that that was the third time the hotel was attacked, with previous attempts at phishing were detected and caused only limited impact on hotel operations. Despite investing 10 000 EUR into IT security the third attack was successful and due to the high season the hotel decided to pay the ransom to be able to quickly return to normal operations. A few days later a fourth attack followed, but was stopped mainly due to network segmentation and equipment replacement. However the hotel management decided to limit exposure to future attacks by rolling back to regular locks and keys, also answering requests of some customers looking for a more traditional and home-like atmosphere.

So if you’re going skiing in Austria, don’t forget to install the antivirus in your room…